New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Virginia National Guard Confirms Cyberattack

Email accounts connected to the Virginia Defense Force and the Virginia Department of Military Affairs were impacted by a cyberattack in July, according to a spokesperson from the Virginia National Guard. A. A. Puryear, chief of public affairs for the Virginia National Guard, told ZDNet that the organization was notified in July about a possible cyber threat against the Virginia Defense Force and began an investigation immediately in coordination with state and federal cybersecurity and law enforcement authorities to determine what was impacted “The investigation determined the threat impacted VDF and Virginia Department of Military Affairs email accounts maintained by a contracted third party, and there are no indications either VDF or DMA internal IT infrastructure or data servers were breached or had data taken,” Puryear said. “There are no impacts on the Virginia Army National Guard or Virginia Air National Guard IT infrastructure. The investigation is ongoing with continued coordination with state and federal partners to determine the full impact of the threat and what appropriate follow-up actions should be taken.” Puryear confirmed that the incident was not a ransomware attack but did not respond to questions about which email addresses were accessed and whether victims have already been notified.  The Virginia Department of Military Affairs is the state agency that supports the Virginia Army National Guard, Virginia Air National Guard, and Virginia Defense Force. The Virginia Defense Force is the all-volunteer reserve of the Virginia National Guard and it “serves as a force multiplier” integrated into all National Guard domestic operations.  On August 20, the Marketo marketplace for stolen data began publicizing a trove of data stolen from the Virginia Department of Military Affairs. They claimed to have 1GB of data available for purchase.

Analyst Notes

All members of the Virginia Defense Force and Virginia Department of Military Affairs are recommended to immediately change the associated passwords to a unique password to this login. Organizations should consider implementing the best practice of requiring Multi-Factor Authentication (MFA) for all accounts, including email. MFA protects accounts even when a password has been compromised. It is also recommended to be wary of any emails that are received from unknown senders and think carefully before entering a password in any page that was linked to from an email.


Source Article: